des
f486315183
Resolve conflicts.
2006-11-10 16:52:41 +00:00
des
f591b3e29c
Vendor import of OpenSSH 4.5p1.
2006-11-10 16:39:21 +00:00
des
11e3a8c8c1
This commit was generated by cvs2svn to compensate for changes in r164146,
...
which included commits to RCS files with non-trunk default branches.
2006-11-10 16:39:21 +00:00
des
d75fd1fec6
Don't define XAUTH_PATH here, we either pass it in on the compiler command
...
line or rely on the built-in default.
2006-10-06 14:27:26 +00:00
des
91390ee9f2
Go figure how an extra $Id$ line crept in...
2006-10-04 10:21:00 +00:00
des
178eb45ceb
Merge vendor patch.
2006-10-04 10:15:53 +00:00
des
e6cc400c8f
Apply vendor patch to fix detection of tap / tun headers and ENGINE support.
2006-10-04 10:14:30 +00:00
des
351bcb5c21
Tweak ifdefs for backward compatibility.
2006-10-03 11:33:25 +00:00
des
24e2cf96ac
Dead files.
2006-10-02 13:29:41 +00:00
des
a74a69e336
Regenerate; no effect on the code as it doesn't actually use the handful of
...
conditionals that changed in this revision.
2006-10-02 12:45:27 +00:00
des
14ad83d6bf
Update configure options and add some missing steps.
...
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)
2006-10-02 12:39:28 +00:00
des
0824f0c0e7
Regenerate.
...
MFC after: 1 week
2006-09-30 13:40:56 +00:00
des
ac038c1070
#include <errno.h>; this has the unfortunate side effect of taking the file
...
off the vendor branch.
MFC after: 1 week
2006-09-30 13:40:35 +00:00
des
0f481d7c8c
Removed from vendor branch.
...
MFC after: 1 week
2006-09-30 13:39:35 +00:00
des
e16bfbb7bc
Bump version addendum.
...
MFC after: 1 week
2006-09-30 13:39:07 +00:00
des
4ff234ef46
Merge conflicts.
...
MFC after: 1 week
2006-09-30 13:38:06 +00:00
des
2f35ce4773
Vendor import of OpenSSH 4.4p1.
2006-09-30 13:29:51 +00:00
des
abd7c8704b
This commit was generated by cvs2svn to compensate for changes in r162852,
...
which included commits to RCS files with non-trunk default branches.
2006-09-30 13:29:51 +00:00
des
97a1b8f884
Merge vendor patch for BSM problem in protocol version 1.
...
MFC after: 1 week
2006-09-16 15:12:58 +00:00
des
03ef9d989b
Vendor patch for a problem that prevented using protocol version 1 when
...
BSM was enabled.
2006-09-16 15:10:13 +00:00
des
d9ba51b5fc
Our glob(3) has all the required features.
...
Submitted by: ache
2006-06-09 08:39:05 +00:00
des
a34ad0a5f7
Revert inadvertant commit of debugging code.
2006-06-09 07:23:14 +00:00
des
148092431d
Introduce a namespace munging hack inspired by NetBSD to avoid polluting
...
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)
Suggested by: lukem@netbsd.org
MFC after: 6 weeks
2006-05-13 13:47:45 +00:00
des
9c68158992
Fix utmp. There is some clever logic in configure.ac which attempts to
...
determine whether struct utmp contains the ut_host and ut_time fields.
Unfortunately, it reports a false negative for both on FreeBSD, and I
didn't check the resulting config.h closely enough to catch the error.
Noticed by: ache
2006-03-23 21:31:42 +00:00
des
eb091e1fc6
Regenerate.
2006-03-22 20:41:53 +00:00
des
7c07891caf
Merge conflicts.
2006-03-22 20:41:37 +00:00
des
448503722a
Vendor import of OpenSSH 4.3p1.
2006-03-22 19:46:12 +00:00
des
c2efe9a305
This commit was generated by cvs2svn to compensate for changes in r157016,
...
which included commits to RCS files with non-trunk default branches.
2006-03-22 19:46:12 +00:00
ru
388e590f95
Reimplementation of world/kernel build options. For details, see:
...
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
dfr
d9cbcb50b5
Add a new extensible GSS-API layer which can support GSS-API plugins,
...
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
des
fbfe6dd7e0
Regenerate
2005-09-03 07:08:51 +00:00
des
88c7c9558b
Resolve conflicts.
2005-09-03 07:04:25 +00:00
des
755a16fa86
Vendor import of OpenSSH 4.2p1.
2005-09-03 06:59:33 +00:00
des
1ea3628aba
This commit was generated by cvs2svn to compensate for changes in r149749,
...
which included commits to RCS files with non-trunk default branches.
2005-09-03 06:59:33 +00:00
des
f0dcade643
fine-tune.
2005-09-03 06:42:11 +00:00
des
af7fe6f7d6
Forgot to bump the version addendum.
2005-06-05 18:30:53 +00:00
des
ec61b1c40a
Regenerate.
2005-06-05 15:46:27 +00:00
des
983ad11a1c
Resolve conflicts.
2005-06-05 15:46:09 +00:00
des
3c5bc6b274
Update for 4.1p1.
2005-06-05 15:43:57 +00:00
des
c4dfc1ed3b
Vendor import of OpenSSH 4.1p1.
2005-06-05 15:41:57 +00:00
des
35c298a910
This commit was generated by cvs2svn to compensate for changes in r147001,
...
which included commits to RCS files with non-trunk default branches.
2005-06-05 15:41:57 +00:00
des
11a09ab416
Vendor import of OpenSSH 4.0p1.
2005-06-05 15:40:50 +00:00
des
7688286f9d
This commit was generated by cvs2svn to compensate for changes in r146998,
...
which included commits to RCS files with non-trunk default branches.
2005-06-05 15:40:50 +00:00
des
9230b25dd7
Rewrite some of the regexps so they don't match themselves.
2005-06-04 23:18:33 +00:00
des
2ed082fd66
Better Xlist command line.
2004-10-28 16:13:28 +00:00
des
a744ec13ad
Resolve conflicts
2004-10-28 16:11:31 +00:00
des
d5d493f03a
Vendor import of OpenSSH 3.9p1.
2004-10-28 16:03:53 +00:00
des
b0cdf22191
This commit was generated by cvs2svn to compensate for changes in r137015,
...
which included commits to RCS files with non-trunk default branches.
2004-10-28 16:03:53 +00:00
des
0a4f1e0cd4
These are unnecessary and have been causing imp@ trouble.
2004-10-27 19:07:36 +00:00
des
aaa4408d55
Regenerate.
2004-04-20 09:49:37 +00:00
des
6e7fa35a0a
One more conflict.
2004-04-20 09:47:13 +00:00
des
e5d801b2d6
Resolve conflicts.
2004-04-20 09:46:41 +00:00
des
efa3572464
Adjust version number and addendum.
2004-04-20 09:37:29 +00:00
des
c69db9c5a2
Vendor import of OpenSSH 3.8.1p1.
2004-04-20 09:35:04 +00:00
des
13038249fe
This commit was generated by cvs2svn to compensate for changes in r128456,
...
which included commits to RCS files with non-trunk default branches.
2004-04-20 09:35:04 +00:00
des
2fe413a41a
Correctly document the default value of UsePAM.
2004-03-15 18:38:29 +00:00
des
437b8c0fdd
Update VersionAddendum in config files and man pages.
2004-02-26 11:54:03 +00:00
des
c05d4b9b43
Define HAVE_GSSAPI_H.
2004-02-26 11:06:29 +00:00
des
77d6d5a07e
Regenerate.
2004-02-26 10:57:38 +00:00
des
c7ba229763
Document recently changed configuration defaults.
2004-02-26 10:57:28 +00:00
des
124c4a1415
Resolve conflicts.
2004-02-26 10:52:33 +00:00
des
7d1750f1d6
Vendor import of OpenSSH 3.8p1.
2004-02-26 10:38:49 +00:00
des
1754c77e5e
This commit was generated by cvs2svn to compensate for changes in r126274,
...
which included commits to RCS files with non-trunk default branches.
2004-02-26 10:38:49 +00:00
des
b1ffd1f6ac
Merge OpenSSH 3.8p1.
2004-02-26 10:38:38 +00:00
des
270e7d7140
Prepare for upcoming 3.8p1 import.
2004-02-26 10:37:34 +00:00
des
85717525b0
Pull asbesthos underpants on and disable protocol version 1 by default.
2004-02-26 10:24:07 +00:00
des
49dee586c1
Turn non-PAM password authentication off by default when USE_PAM is
...
defined. Too many users are getting bitten by it.
2004-02-19 15:53:31 +00:00
des
84ff378ae4
Update the "overview of FreeBSD changes to OpenSSH-portable" to reflect
...
reality.
2004-01-25 13:09:56 +00:00
des
31d02c599b
Work around removal of EAI_NODATA from netdb.h.
2004-01-18 22:31:30 +00:00
des
5c8d98dfbd
Don't output the terminating '\0' (already fixed in OpenSSH CVS)
2004-01-09 12:57:36 +00:00
des
c3b2098e8b
This commit was generated by cvs2svn to compensate for changes in r124287,
...
which included commits to RCS files with non-trunk default branches.
2004-01-09 12:57:36 +00:00
des
f773ff17e4
Egg on my face: UsePAM was off by default.
...
Pointed out by: Sean McNeil <sean@mcneil.com>
2004-01-09 08:07:12 +00:00
des
59fac3f07b
Regenerate config.h; I don't know why this didn't hit CVS yesterday.
2004-01-08 09:42:35 +00:00
des
bd159d8b4f
Remove obsolete files on the vendor branch.
2004-01-08 09:33:46 +00:00
des
ee97d7f67c
Update to reflect changes since the last version.
2004-01-07 11:51:18 +00:00
des
7545fb1c7e
Resolve conflicts and remove obsolete files.
...
Sponsored by: registrar.no
2004-01-07 11:16:27 +00:00
des
b5d16e7138
Vendor import of OpenSSH 3.7.1p2.
2004-01-07 11:10:17 +00:00
des
b5f9e06a6d
This commit was generated by cvs2svn to compensate for changes in r124208,
...
which included commits to RCS files with non-trunk default branches.
2004-01-07 11:10:17 +00:00
des
fd8a3b71eb
Merge OpenSSH 3.7.1p2.
2004-01-07 11:10:02 +00:00
simon
b25ecb5dd4
Add a missing word.
...
Submitted by: Michel Lavondes <fox@vader.aacc.cc.md.us>
Reviewed by: des
MFC after: 1 week
2003-10-31 21:49:47 +00:00
des
365ce457b0
Plug a memory leak in the PAM child process. It is of no great consequence
...
as the process is short-lived, and the leak occurs very rarely and always
shortly before the process terminates.
MFC after: 3 days
2003-10-23 08:27:16 +00:00
joe
dc42ef0264
Additional corrections to OpenSSH buffer handling.
...
Obtained from: openssh.org
Originally committed to head by: nectar
2003-09-26 19:15:53 +00:00
joe
62fcef3496
This commit was generated by cvs2svn to compensate for changes in r120489,
...
which included commits to RCS files with non-trunk default branches.
2003-09-26 19:15:53 +00:00
joe
175ed5a6e4
Additional corrections to OpenSSH buffer handling.
...
Obtained from: openssh.org
Originally committed to head by: nectar
2003-09-26 19:15:53 +00:00
des
0b9dcf3092
Update version string.
2003-09-24 19:20:23 +00:00
des
202ae7da6f
Remove bogus calls to xfree().
2003-09-24 19:11:52 +00:00
des
7ddad9d4af
resp is a pointer to an array of structs, not an array of pointers to structs.
2003-09-24 18:26:29 +00:00
des
005a1d4afd
Return the correct error value when a null query fails.
2003-09-24 18:24:27 +00:00
des
21906911ce
Fix broken shell code.
2003-09-19 11:29:51 +00:00
nectar
0689a1c0d3
Correct more cases of allocation size bookkeeping being updated before
...
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
2003-09-17 14:36:14 +00:00
nectar
441fabb06e
This commit was generated by cvs2svn to compensate for changes in r120161,
...
which included commits to RCS files with non-trunk default branches.
2003-09-17 14:36:14 +00:00
nectar
bacf67e6ca
Correct more cases of allocation size bookkeeping being updated before
...
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
2003-09-17 14:36:14 +00:00
nectar
359ce984aa
Update the OpenSSH addendum string for the buffer handling fix.
2003-09-16 14:33:04 +00:00
nectar
8cd211c561
Do not record expanded size before attempting to reallocate associated
...
memory.
Obtained from: OpenBSD
2003-09-16 06:11:58 +00:00
nectar
ff50ba9baf
This commit was generated by cvs2svn to compensate for changes in r120113,
...
which included commits to RCS files with non-trunk default branches.
2003-09-16 06:11:58 +00:00
des
7fc179286a
Add a "return" that was missing from 3.6.1p1. Since it's been fixed in
...
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
2003-06-24 19:30:44 +00:00
des
270ae60a45
This commit was generated by cvs2svn to compensate for changes in r116791,
...
which included commits to RCS files with non-trunk default branches.
2003-06-24 19:30:44 +00:00
des
108403d091
Fix off-by-one and initialization errors which prevented sshd from
...
restarting when sent a SIGHUP.
Submitted by: tegge
Approved by: re (jhb)
2003-05-28 19:39:33 +00:00
des
e0263bb5ea
Revert unnecessary part of previous commit.
2003-05-13 10:18:49 +00:00
des
ab070fe748
Rename a few functions to avoid stealing common words (error, log, debug
...
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.
Approved by: re (rwatson)
2003-05-12 19:22:47 +00:00
des
8a5b06b8e0
Remove RCSID from files which have no other diffs to the vendor branch.
2003-05-01 15:05:43 +00:00
des
a4b5e84c1c
Nit.
2003-04-23 17:23:06 +00:00
des
471d81d867
Improvements to the proposed shell code.
2003-04-23 17:21:55 +00:00
des
5e9cbb7bff
Regenerate.
2003-04-23 17:21:27 +00:00
des
58b9db3b6f
Resolve conflicts.
2003-04-23 17:13:13 +00:00
des
85b37b9574
Vendor import of OpenSSH-portable 3.6.1p1.
2003-04-23 16:53:02 +00:00
des
6d34992e86
This commit was generated by cvs2svn to compensate for changes in r113908,
...
which included commits to RCS files with non-trunk default branches.
2003-04-23 16:53:02 +00:00
des
39ecd8ace7
- when using a child process instead of a thread, change the child's
...
name to reflect its role
- try to handle expired passwords a little better
MFC after: 1 week
2003-03-31 13:48:18 +00:00
des
2f9a965fa9
If an ssh1 client initiated challenge-response authentication but did
...
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.
Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.
MFC after: 1 week
2003-03-31 13:45:36 +00:00
des
fc3e30fe3b
Paranoia: instead of a NULL conversation function, use one that always
...
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
2003-02-16 11:03:55 +00:00
des
f4ca4d4385
document the current default value for VersionAddendum.
2003-02-11 12:11:15 +00:00
des
a6e843c458
Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
...
MFC after: 3 days
2003-02-07 15:48:27 +00:00
trhodes
914d9fc8a8
The manual page lists only 2 files, however it reads as `three files' which is
...
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
2003-02-05 02:14:03 +00:00
des
b9730314a0
Linux-PAM's pam_start(3) fails with a bogus error message if passed the
...
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
2003-02-03 14:10:28 +00:00
des
8da928f615
Bump patch date to 2003-02-01 (the day after I fixed PAM authentication
...
for ssh1)
2003-02-03 11:11:36 +00:00
des
a428b35290
Fix keyboard-interactive authentication for ssh1. The problem was twofold:
...
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
2003-01-31 11:08:07 +00:00
des
d37413d05a
Force early initialization of the resolver library, since the resolver
...
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
2003-01-22 14:12:59 +00:00
des
a9741e060a
The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was
...
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
2002-12-21 15:09:58 +00:00
des
06b0ce4f65
If possible, use pthreads instead of a child process for PAM.
...
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
2002-12-14 13:52:39 +00:00
des
b6985eb271
Add a missing #include "canohost.h".
2002-12-14 13:48:47 +00:00
des
a46b8cda04
Remove code related to the PAMAuthenticationViaKbdInt option (which we've
...
disabled). This removes the only reference to auth2_pam().
2002-12-14 13:48:13 +00:00
des
9f8ff3709f
Back out a lastlog-related change which is no longer relevant.
2002-12-14 13:40:21 +00:00
des
bb06b52b06
Fix a rounding error in the block size calculation.
...
Submitted by: tjr
2002-12-14 13:38:49 +00:00
des
81fe169630
Since OpenSSH drops privileges before calling pam_open_session(3),
...
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
2002-12-03 15:48:11 +00:00
des
66bd92dc49
Add caveats regarding the effect of PAM on PasswordAuthentication and
...
PermitRootLogin.
PR: docs/43776
MFC after: 1 week
2002-11-06 08:04:56 +00:00
des
398f2c44aa
Document the current default for VersionAddendum.
2002-11-05 17:25:15 +00:00
des
b0ec3f5077
Accurately reflect our local changes and additions.
2002-11-05 17:24:01 +00:00
des
e08b64e978
Document the current default value for VersionAddendum.
2002-11-05 17:17:09 +00:00
des
d6d0eadd15
Switch to two-clause license, with NAI's permission.
2002-11-02 19:55:23 +00:00
des
279b0fa809
Resolve conflicts.
2002-10-29 10:16:02 +00:00
des
ce26c10eda
Protect against tag expansion + fix some brainos.
2002-10-29 10:12:51 +00:00
des
4d499f34f8
Some tricks I use when I upgrade.
2002-10-29 09:56:16 +00:00
des
9f3147578a
Correct shell code to expand globs in FREEBSD-Xlist
2002-10-29 09:55:28 +00:00
des
b057cae3d7
More cruft.
2002-10-29 09:54:53 +00:00
des
099d1a58f7
Vendor import of OpenSSH-portable 3.5p1.
2002-10-29 09:43:00 +00:00
des
85f71815b9
This commit was generated by cvs2svn to compensate for changes in r106121,
...
which included commits to RCS files with non-trunk default branches.
2002-10-29 09:43:00 +00:00
ume
03b3b78217
sshd didn't handle actual size of struct sockaddr correctly,
...
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.
Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days
2002-09-09 16:49:11 +00:00
kuriyama
aae5a5f01d
Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@).
2002-09-09 02:00:28 +00:00
ache
15b8a90686
Do login cap calls _before_ descriptors are hardly closed because close may
...
invalidate login cap descriptor.
Reviewed by: des
2002-08-05 16:06:35 +00:00
fanf
1ae0b432fe
Use login_getpwclass() instead of login_getclass() so that the root
...
vs. default login class distinction is made correctly.
PR: 37416
Approved by: des
MFC after: 4 days
2002-07-29 00:36:24 +00:00
fanf
b26a01d35d
FreeBSD doesn't use the host RSA key by default.
...
Reviewed by: des
2002-07-26 15:16:56 +00:00
ache
57a3dbab09
Problems addressed:
...
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.
Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)
2002-07-26 02:20:00 +00:00
fanf
8e466364e9
Document the FreeBSD default for CheckHostIP, which was changed in
...
rev 1.2 of readconf.c.
Approved by: des
2002-07-25 15:59:40 +00:00
des
0aa82e6d90
Whitespace nit.
2002-07-23 17:57:17 +00:00
des
5aaa4a883f
In pam_init_ctx(), register a cleanup function that will kill the child
...
process if a fatal error occurs. Deregister it in pam_free_ctx().
2002-07-17 17:44:02 +00:00
des
71869d2ebd
Use realhostname_sa(3) so the IP address will be used instead of the
...
hostname if the latter is too long for utmp.
Submitted by: ru
MFC after: 3 days
2002-07-11 10:36:10 +00:00
des
ed67e10a93
Do not try to use PAM for password authentication, as it is
...
already (and far better) supported by the challenge/response
authentication mechanism.
2002-07-10 23:05:13 +00:00
des
1983859ac6
Don't forget to clear the buffer before reusing it.
2002-07-10 23:04:07 +00:00
des
ac9c3868c1
Rewrite to use the buffer API instead of roll-your-own messaging.
...
Suggested by: Markus Friedl <markus@openbsd.org>
Sponsored by: DARPA, NAI Labs
2002-07-05 15:27:26 +00:00
des
cd66807aa2
(forgot to commit) We don't need --with-opie since PAM takes care of it.
2002-07-05 15:25:55 +00:00
des
7e54a0bbed
- Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE.
...
- We don't have setutent(3) etc., and I have no idea why configure ever
thought we did.
2002-07-03 00:12:09 +00:00
des
f450aaf037
Two FreeBSD-specific nits in comments:
...
- ChallengeResponseAuthentication controls PAM, not S/Key
- We don't honor PAMAuthenticationViaKbdInt, because the code path it
controls doesn't make sense for us, so don't mention it.
Sponsored by: DARPA, NAI Labs
2002-07-03 00:08:19 +00:00
des
e9db3343e8
Version bump for mm_answer_pam_respond() fix.
2002-07-02 13:07:37 +00:00
des
7523600be4
Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
...
PAM authentication failed due to an incorrect response.
2002-07-02 13:07:17 +00:00
des
9cc7de0fcd
Forgot to update the addendum in the config files.
2002-06-30 10:32:09 +00:00
des
3cde2270d8
Regenerate.
2002-06-29 11:58:32 +00:00
des
437db953e0
<sys/mman.h> requires <sys/types.h>.
2002-06-29 11:57:51 +00:00
des
72a8e501f7
Resolve conflicts.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 11:48:59 +00:00
des
1ba793a7c0
Vendor import of OpenSSH 3.4p1.
2002-06-29 11:34:13 +00:00
des
96f831106b
This commit was generated by cvs2svn to compensate for changes in r99060,
...
which included commits to RCS files with non-trunk default branches.
2002-06-29 11:34:13 +00:00
des
1fe6eac54a
Commit config.h so we don't need autoconf to build world.
2002-06-29 11:31:02 +00:00
des
31ca40f6fa
OpenBSD lifted this code our tree. Preserve the original CVS id.
2002-06-29 11:25:20 +00:00
des
a1a5bcd8f6
Use our __RCSID().
2002-06-29 11:22:20 +00:00
des
f5c4526d2f
Make sure the environment variables set by setusercontext() are passed on
...
to the child process.
Reviewed by: ache
Sponsored by: DARPA, NAI Labs
2002-06-29 11:21:58 +00:00
des
eb9c7816d4
Canonicize the host name before looking it up in the host file.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:57:53 +00:00
des
c6ba2ba489
Apply class-imposed login restrictions.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:57:13 +00:00
des
3003a57dbb
PAM support, the FreeBSD way.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:56:23 +00:00
des
3f22fbc9c3
Document FreeBSD defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:55:18 +00:00
des
3e4ef54c7b
Document FreeBSD defaults and paths.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:53:57 +00:00
des
10f0309f20
Remove duplicate.
2002-06-29 10:52:42 +00:00
des
2d6cae03f1
Apply FreeBSD's configuration defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:51:56 +00:00
des
a56e989df5
Add the VersionAddendum configuration variable.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:49:57 +00:00
des
4d49e874a9
Support OPIE as an alternative to S/Key.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:44:37 +00:00
des
3aa72d2c55
Document the upgrade process.
2002-06-29 10:39:14 +00:00
des
4ff94afd20
Files we don't want to import.
2002-06-29 10:39:02 +00:00
des
5ba29faa04
Forcibly revert to mainline.
2002-06-27 22:42:11 +00:00
des
bb02848f18
Vendor import of OpenSSH 3.3p1.
2002-06-27 22:31:32 +00:00
des
0a08712215
This commit was generated by cvs2svn to compensate for changes in r98937,
...
which included commits to RCS files with non-trunk default branches.
2002-06-27 22:31:32 +00:00
dinoex
fd860e7d16
remove declaration of authlog
...
use variable from_host
Reviewed by: des
2002-06-24 11:11:30 +00:00
des
4db40e9ca5
IPv4or6 is already defined in libssh.
2002-06-24 10:15:26 +00:00
des
2894284b2a
Resolve conflicts and document local changes.
2002-06-23 21:42:47 +00:00
des
5375a0a2ad
Correctly export the environment variables set by setusercontext().
...
Sponsored by: DARPA, NAI Labs
2002-06-23 20:22:49 +00:00
des
fa8aa6dfe7
Resolve conflicts. Known issues:
...
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
2002-06-23 16:09:08 +00:00
des
610201f50f
Vendor import of OpenSSH 3.3.
2002-06-23 14:01:54 +00:00
des
0161794f0d
This commit was generated by cvs2svn to compensate for changes in r98675,
...
which included commits to RCS files with non-trunk default branches.
2002-06-23 14:01:54 +00:00
jedgar
a679ebf88a
Remove _PATH_CP now that it is defined in paths.h
...
Reviewed by: des
2002-05-12 01:52:11 +00:00
obrien
0908b99eb0
Usual after-import fixup of SCM IDs.
2002-05-01 22:39:53 +00:00
des
ec4b7563a5
Back out previous commit.
2002-04-25 16:53:25 +00:00
jkh
04da61f7a8
Change default challenge/response behavior of sshd by popular demand.
...
This brings us into sync with the behavior of sshd on other Unix platforms.
Submitted by: Joshua Goodall <joshua@roughtrade.net>
2002-04-25 05:59:53 +00:00
ache
162e53dcfe
1) Proberly conditionalize PAM "last login" printout.
...
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.
Reviewed by: des (1)
2002-04-23 12:36:11 +00:00
des
ad8d1ef864
Don't report last login time in PAM case. (perforce change 10057)
...
Sponsored by: DARPA, NAI Labs
2002-04-22 06:26:29 +00:00
des
1a6399fa3b
Fix warnings + wait for child so it doesn't go zombie (perforce change 10122)
2002-04-22 06:25:13 +00:00
ache
ac2b640032
Move LOGIN_CAP calls before all file descriptors are closed hard, since some
...
descriptors may be used by LOGIN_CAP internally, add login_close().
Use "nocheckmail" LOGIN_CAP capability too like our login does.
2002-04-21 13:31:56 +00:00
ache
b8f64a3c9b
Fix TZ & TERM handling for use_login case of rev. 1.24
2002-04-20 09:56:10 +00:00
ache
a9f47835a0
1) Surprisingly, "CheckMail" handling code completely removed from this
...
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.
2) Cosmetique. Reduce number of args in do_setusercontext()
2002-04-20 09:26:43 +00:00
ache
4c135df5a2
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old
...
code merge.
2) In addition honor "timezone" and "term" capabilities from login.conf,
not overwrite them once they set (they are TZ and TERM variables).
2002-04-20 05:44:36 +00:00
ache
9cec8df7cf
Please repeat after me: setusercontext() modifies _current_ environment, but
...
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.
The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf
2002-04-20 04:38:07 +00:00
des
67bfdd081a
Fix some warnings. Don't record logins twice in USE_PAM case. Strip
...
"/dev/" off the tty name before passing it to auth_ttyok or PAM.
Inspired by: dinoex
Sponsored by: DARPA, NAI Labs
2002-04-14 16:24:36 +00:00
des
0e80f55d44
Back out previous backout. It seems I was right to begin with, and DSA is
...
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
2002-04-12 15:52:10 +00:00
des
0264ee3296
Knowledgeable persons assure me that RSA is preferable to DSA and that we
...
should transition away from DSA.
2002-04-11 22:04:40 +00:00